Posted to commits@ranger.apache.org by me...@apache.org on 2017/08/24 05:52:12 UTC
[1/2] ranger git commit: RANGER-1717:User with KEYADMIN role is not
able to see Audit => Admin logs
Repository: ranger
Updated Branches:
refs/heads/master 5fc9ee1f9 -> 053cdd7b7
RANGER-1717:User with KEYADMIN role is not able to see Audit => Admin logs
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/b9cdb0bd
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/b9cdb0bd
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/b9cdb0bd
Branch: refs/heads/master
Commit: b9cdb0bd540f4e092720026ca92ce934cc13f90d
Parents: 5fc9ee1
Author: Bhavik Patel <bh...@gmail.com>
Authored: Tue Aug 22 10:56:23 2017 +0530
Committer: Mehul Parikh <me...@apache.org>
Committed: Thu Aug 24 11:20:36 2017 +0530
----------------------------------------------------------------------
.../java/org/apache/ranger/biz/AssetMgr.java | 91 ++++++++++---------
.../apache/ranger/service/XTrxLogService.java | 92 +++++++++++++++++---
2 files changed, 126 insertions(+), 57 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/b9cdb0bd/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
index 7d1573d..a53d46a 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
@@ -897,55 +897,54 @@ public class AssetMgr extends AssetMgrBase {
}
public VXTrxLogList getReportLogs(SearchCriteria searchCriteria) {
- if (!xaBizUtil.isAdmin()) {
- throw restErrorUtil.create403RESTException("Permission Denied !");
- }
-
- if (searchCriteria == null) {
- searchCriteria = new SearchCriteria();
- }
-
- if (searchCriteria.getParamList() != null
- && !searchCriteria.getParamList().isEmpty()) {
- int clientTimeOffsetInMinute = RestUtil.getClientTimeOffset();
- Date temp = null;
- DateUtil dateUtil = new DateUtil();
- if (searchCriteria.getParamList().containsKey("startDate")) {
- temp = (Date) searchCriteria.getParamList().get(
- "startDate");
- temp = dateUtil.getDateFromGivenDate(temp, 0, 0, 0, 0);
- temp = dateUtil.addTimeOffset(temp, clientTimeOffsetInMinute);
- searchCriteria.getParamList().put("startDate", temp);
+ if (xaBizUtil.isAdmin() || xaBizUtil.isKeyAdmin()) {
+ if (searchCriteria == null) {
+ searchCriteria = new SearchCriteria();
}
- if (searchCriteria.getParamList().containsKey("endDate")) {
- temp = (Date) searchCriteria.getParamList().get(
- "endDate");
- temp = dateUtil.getDateFromGivenDate(temp, 0, 23, 59, 59);
- temp = dateUtil.addTimeOffset(temp, clientTimeOffsetInMinute);
- searchCriteria.getParamList().put("endDate", temp);
- }
- if (searchCriteria.getParamList().containsKey("owner")) {
- XXPortalUser xXPortalUser = rangerDaoManager.getXXPortalUser().findByLoginId(
- (searchCriteria.getParamList().get("owner").toString()));
- if(xXPortalUser != null) {
- searchCriteria.getParamList().put("owner", xXPortalUser.getId());
- } else {
- searchCriteria.getParamList().put("owner", 0);
+
+ if (searchCriteria.getParamList() != null
+ && !searchCriteria.getParamList().isEmpty()) {
+ int clientTimeOffsetInMinute = RestUtil.getClientTimeOffset();
+ Date temp = null;
+ DateUtil dateUtil = new DateUtil();
+ if (searchCriteria.getParamList().containsKey("startDate")) {
+ temp = (Date) searchCriteria.getParamList().get(
+ "startDate");
+ temp = dateUtil.getDateFromGivenDate(temp, 0, 0, 0, 0);
+ temp = dateUtil.addTimeOffset(temp, clientTimeOffsetInMinute);
+ searchCriteria.getParamList().put("startDate", temp);
}
-
+ if (searchCriteria.getParamList().containsKey("endDate")) {
+ temp = (Date) searchCriteria.getParamList().get(
+ "endDate");
+ temp = dateUtil.getDateFromGivenDate(temp, 0, 23, 59, 59);
+ temp = dateUtil.addTimeOffset(temp, clientTimeOffsetInMinute);
+ searchCriteria.getParamList().put("endDate", temp);
+ }
+ if (searchCriteria.getParamList().containsKey("owner")) {
+ XXPortalUser xXPortalUser = rangerDaoManager.getXXPortalUser().findByLoginId(
+ (searchCriteria.getParamList().get("owner").toString()));
+ if(xXPortalUser != null) {
+ searchCriteria.getParamList().put("owner", xXPortalUser.getId());
+ } else {
+ searchCriteria.getParamList().put("owner", 0);
+ }
+
+ }
+
}
+ VXTrxLogList vXTrxLogList = xTrxLogService
+ .searchXTrxLogs(searchCriteria);
+ Long count = xTrxLogService
+ .searchXTrxLogsCount(searchCriteria);
+ vXTrxLogList.setTotalCount(count);
+ List<VXTrxLog> newList = validateXXTrxLogList(vXTrxLogList.getVXTrxLogs());
+ vXTrxLogList.setVXTrxLogs(newList);
+ return vXTrxLogList;
+ } else {
+ throw restErrorUtil.create403RESTException("Permission Denied !");
}
-
- VXTrxLogList vXTrxLogList = xTrxLogService
- .searchXTrxLogs(searchCriteria);
- Long count = xTrxLogService
- .searchXTrxLogsCount(searchCriteria);
- vXTrxLogList.setTotalCount(count);
-
- List<VXTrxLog> newList = validateXXTrxLogList(vXTrxLogList.getVXTrxLogs());
- vXTrxLogList.setVXTrxLogs(newList);
- return vXTrxLogList;
}
public VXAccessAuditList getAccessLogs(SearchCriteria searchCriteria) {
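Review bot: The permission check in getReportLogs is now an if/else wrapped around the whole method body, with the 403 moved to the bottom, which turns a one-condition change into a re-indent of some fifty lines. Keeping the guard clause, `if (!xaBizUtil.isAdmin() && !xaBizUtil.isKeyAdmin()) { throw restErrorUtil.create403RESTException("Permission Denied !"); }`, leaves the deny path first and makes the widened access easy to audit. Nothing in this method limits which rows a key admin receives; that restriction lives in XTrxLogService.searchXTrxLogs and keys off the current session, so add a comment here such as `// key admins are restricted to KMS-related entries inside XTrxLogService.searchXTrxLogs`.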
@@ -1057,9 +1056,7 @@ public class AssetMgr extends AssetMgrBase {
}
}
}
- if(vXTrxLog.getPreviousValue() != null && !vXTrxLog.getPreviousValue().isEmpty() || vXTrxLog.getNewValue() != null && !vXTrxLog.getNewValue().isEmpty()) {
- vXTrxLogs.add(vXTrxLog);
- }
+ vXTrxLogs.add(vXTrxLog);
}
return vXTrxLogs;
}
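Review bot: Dropping the non-empty previousValue/newValue filter changes the result for every caller of this method, plain admins included, and the commit title only mentions key-admin visibility. If the intent is to keep the returned list in step with the separately computed total count, that is an inference from getReportLogs and should be stated in a comment above the add, for example `// keep entries with empty old/new values so the list size matches the reported total`. The enclosing method starts outside the hunk, so any reason the filter existed earlier in the loop is not visible here.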
http://git-wip-us.apache.org/repos/asf/ranger/blob/b9cdb0bd/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java b/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java
index 302076e..6736c56 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java
@@ -35,13 +35,19 @@ import javax.persistence.metamodel.Metamodel;
import javax.persistence.metamodel.SingularAttribute;
import org.apache.commons.lang.StringUtils;
+import org.apache.ranger.common.AppConstants;
+import org.apache.ranger.common.ContextUtil;
import org.apache.ranger.common.SearchCriteria;
import org.apache.ranger.common.SearchField;
import org.apache.ranger.common.SortField;
import org.apache.ranger.common.SortField.SORT_ORDER;
+import org.apache.ranger.common.UserSessionBase;
import org.apache.ranger.entity.XXPortalUser;
+import org.apache.ranger.entity.XXPortalUserRole;
+import org.apache.ranger.entity.XXServiceDef;
import org.apache.ranger.entity.XXTrxLog;
import org.apache.ranger.entity.view.VXXTrxLog;
+import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
import org.apache.ranger.view.VXTrxLog;
import org.apache.ranger.view.VXTrxLogList;
import org.springframework.context.annotation.Scope;
@@ -51,6 +57,7 @@ import org.springframework.util.CollectionUtils;
@Service
@Scope("singleton")
public class XTrxLogService extends XTrxLogServiceBase<XXTrxLog, VXTrxLog> {
+ Long keyadminCount = 0L;
public XTrxLogService(){
searchFields.add(new SearchField("attributeName", "obj.attributeName",
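Review bot: `keyadminCount` is a mutable instance field on a bean declared `@Scope("singleton")`, so every concurrent request shares it. searchXTrxLogs writes it and the searchXTrxLogsCount hunk (`count = keyadminCount;`) reads it, so two key admins searching at the same time can receive each other's totals. The count is also stale or 0 whenever searchXTrxLogsCount runs without a preceding searchXTrxLogs call. Remove the field and carry the filtered total on the returned object instead, e.g. `vxTrxLogList.setTotalCount(vXTrxLogs.size());` in searchXTrxLogs, and have getReportLogs keep that value for key-admin sessions rather than overwriting it. Alternatively, derive the count in searchXTrxLogsCount from the same filter.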
@@ -78,7 +85,7 @@ public class XTrxLogService extends XTrxLogServiceBase<XXTrxLog, VXTrxLog> {
protected void validateForUpdate(VXTrxLog vObj, XXTrxLog mObj) {}
@Override
- public VXTrxLogList searchXTrxLogs(SearchCriteria searchCriteria) {
+ public VXTrxLogList searchXTrxLogs(SearchCriteria searchCriteria) {
EntityManager em = daoManager.getEntityManager();
CriteriaBuilder criteriaBuilder = em.getCriteriaBuilder();
CriteriaQuery<VXXTrxLog> selectCQ = criteriaBuilder.createQuery(VXXTrxLog.class);
@@ -86,23 +93,32 @@ public class XTrxLogService extends XTrxLogServiceBase<XXTrxLog, VXTrxLog> {
Predicate predicate = generatePredicate(searchCriteria, em, criteriaBuilder, rootEntityType);
selectCQ.where(predicate);
- if("asc".equalsIgnoreCase(searchCriteria.getSortType())){
+ if ("asc".equalsIgnoreCase(searchCriteria.getSortType())) {
selectCQ.orderBy(criteriaBuilder.asc(rootEntityType.get("createTime")));
- }else{
+ } else {
selectCQ.orderBy(criteriaBuilder.desc(rootEntityType.get("createTime")));
}
int startIndex = searchCriteria.getStartIndex();
int pageSize = searchCriteria.getMaxRows();
- List<VXXTrxLog> resultList = em.createQuery(selectCQ).setFirstResult(startIndex).setMaxResults(pageSize).getResultList();
+ List<VXXTrxLog> resultList = em.createQuery(selectCQ).setFirstResult(startIndex).setMaxResults(pageSize)
+ .getResultList();
+
+ int maxRowSize = Integer.MAX_VALUE;
+ int minRowSize = 0;
+ XXServiceDef xxServiceDef = daoManager.getXXServiceDef()
+ .findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_KMS_NAME);
+ UserSessionBase session = ContextUtil.getCurrentUserSession();
+ if (session != null && session.isKeyAdmin()) {
+ resultList = em.createQuery(selectCQ).setFirstResult(minRowSize).setMaxResults(maxRowSize).getResultList();
+ }
List<VXTrxLog> trxLogList = new ArrayList<VXTrxLog>();
- for(VXXTrxLog xTrxLog : resultList){
+ for (VXXTrxLog xTrxLog : resultList) {
VXTrxLog trxLog = mapCustomViewToViewObj(xTrxLog);
- if(trxLog.getUpdatedBy() != null){
- XXPortalUser xXPortalUser= daoManager.getXXPortalUser().getById(
- Long.parseLong(trxLog.getUpdatedBy()));
- if(xXPortalUser != null){
+ if (trxLog.getUpdatedBy() != null) {
+ XXPortalUser xXPortalUser = daoManager.getXXPortalUser().getById(Long.parseLong(trxLog.getUpdatedBy()));
+ if (xXPortalUser != null) {
trxLog.setOwner(xXPortalUser.getLoginId());
}
}
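Review bot: For a key-admin session the query runs twice, and the second run with `setMaxResults(Integer.MAX_VALUE)` loads the entire transaction-log view into memory on every page request, after which the loop below issues one `getXXPortalUser().getById(...)` lookup per row. On an installation with a long audit history a single page view can become a heap and database load problem, and the first paged query is simply discarded. Prefer expressing the KMS restriction in the predicate built by generatePredicate so the database filters and pages the rows. At minimum, resolve `session` before the first query and run only one of the two queries. The method body continues outside this hunk.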
@@ -110,10 +126,61 @@ public class XTrxLogService extends XTrxLogServiceBase<XXTrxLog, VXTrxLog> {
trxLogList.add(trxLog);
}
+ List<VXTrxLog> keyAdminTrxLogList = new ArrayList<VXTrxLog>();
+ if (session != null && session.isKeyAdmin() && xxServiceDef != null && resultList != null) {
+ List<VXTrxLog> vXTrxLogs = new ArrayList<VXTrxLog>();
+ for (VXTrxLog xTrxLog : trxLogList) {
+ int parentObjectClassType = xTrxLog.getParentObjectClassType();
+ Long parentObjectId = xTrxLog.getParentObjectId();
+ if (parentObjectClassType == AppConstants.CLASS_TYPE_XA_SERVICE_DEF
+ && parentObjectId == xxServiceDef.getId()) {
+ vXTrxLogs.add(xTrxLog);
+ } else if (parentObjectClassType == AppConstants.CLASS_TYPE_XA_SERVICE
+ && parentObjectId != xxServiceDef.getId()) {
+ for (VXTrxLog vxTrxLog : trxLogList) {
+ if (parentObjectClassType == vxTrxLog.getObjectClassType()
+ && parentObjectId == vxTrxLog.getObjectId()
+ && vxTrxLog.getParentObjectId() == xxServiceDef.getId()) {
+ vXTrxLogs.add(xTrxLog);
+ break;
+ }
+ }
+ } else if (xTrxLog.getObjectClassType() == AppConstants.CLASS_TYPE_XA_USER
+ || xTrxLog.getObjectClassType() == AppConstants.CLASS_TYPE_RANGER_POLICY
+ || xTrxLog.getObjectClassType() == AppConstants.HIST_OBJ_STATUS_UPDATED) {
+ XXPortalUser xxPortalUser = null;
+ if (xTrxLog.getUpdatedBy() != null) {
+ xxPortalUser = daoManager.getXXPortalUser()
+ .getById(Long.parseLong(xTrxLog.getUpdatedBy()));
+ }
+ if (xxPortalUser != null && xxPortalUser.getId() != null) {
+ List<XXPortalUserRole> xxPortalUserRole = daoManager.getXXPortalUserRole()
+ .findByUserId(xxPortalUser.getId());
+ if (xxPortalUserRole != null
+ && xxPortalUserRole.get(0).getUserRole().equalsIgnoreCase("ROLE_KEY_ADMIN")) {
+ vXTrxLogs.add(xTrxLog);
+ }
+ }
+ }
+ }
+ keyadminCount = (long) vXTrxLogs.size();
+ if (vXTrxLogs != null && !vXTrxLogs.isEmpty()) {
+ for (int k = startIndex; k <= pageSize; k++) {
+ if (k < vXTrxLogs.size()) {
+ keyAdminTrxLogList.add(vXTrxLogs.get(k));
+ }
+ }
+ }
+ }
+
VXTrxLogList vxTrxLogList = new VXTrxLogList();
vxTrxLogList.setStartIndex(startIndex);
vxTrxLogList.setPageSize(pageSize);
- vxTrxLogList.setVXTrxLogs(trxLogList);
+ if (session != null && session.isKeyAdmin()) {
+ vxTrxLogList.setVXTrxLogs(keyAdminTrxLogList);
+ } else {
+ vxTrxLogList.setVXTrxLogs(trxLogList);
+ }
return vxTrxLogList;
}
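Review bot: The row filter for key admins compares boxed ids by reference: `parentObjectId` is declared `Long`, and `parentObjectId == xxServiceDef.getId()` (also the `!=` and the two `==` in the inner loop) only behaves as a value comparison inside the small-value Long cache if getId() returns `Long`, which is not visible here. Since this filter is the only thing deciding which audit rows a key admin sees, use `Objects.equals(parentObjectId, xxServiceDef.getId())` or `.equals` throughout. The paging loop `for (int k = startIndex; k <= pageSize; k++)` treats pageSize as an end index, so the first page returns pageSize + 1 rows and any page with startIndex > pageSize returns nothing; it should be `for (int k = startIndex; k < startIndex + pageSize && k < vXTrxLogs.size(); k++)`. `xxPortalUserRole.get(0)` throws on an empty list and ignores every role after the first, so check `isEmpty()` and scan all roles. Comparing `getObjectClassType()` with `AppConstants.HIST_OBJ_STATUS_UPDATED` looks like a constant from a different family and is worth confirming.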
@@ -134,6 +201,10 @@ public class XTrxLogService extends XTrxLogServiceBase<XXTrxLog, VXTrxLog> {
count = 0L;
}
}
+ UserSessionBase session = ContextUtil.getCurrentUserSession();
+ if (session != null && session.isKeyAdmin()) {
+ count = keyadminCount;
+ }
return count;
}
@@ -240,6 +311,7 @@ public class XTrxLogService extends XTrxLogServiceBase<XXTrxLog, VXTrxLog> {
}
//We will have to get this from XXUser
//vXTrxLog.setOwner(vXXTrxLog.getAddedByUserName());
+ vXTrxLog.setParentObjectId(vXXTrxLog.getParentObjectId());
vXTrxLog.setParentObjectClassType(vXXTrxLog.getParentObjectClassType());
vXTrxLog.setParentObjectName(vXXTrxLog.getParentObjectName());
vXTrxLog.setObjectClassType(vXXTrxLog.getObjectClassType());
[2/2] ranger git commit: RANGER-1748 : User is unable to update
existing policy while importing policy from file
Posted by me...@apache.org.
RANGER-1748 : User is unable to update existing policy while importing policy from file
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/053cdd7b
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/053cdd7b
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/053cdd7b
Branch: refs/heads/master
Commit: 053cdd7b7e367aef09ab9d6b862f86fad35de811
Parents: b9cdb0b
Author: Bhavik Patel <bh...@gmail.com>
Authored: Wed Aug 23 17:21:44 2017 +0530
Committer: Mehul Parikh <me...@apache.org>
Committed: Thu Aug 24 11:21:22 2017 +0530
----------------------------------------------------------------------
.../org/apache/ranger/rest/ServiceREST.java | 32 ++++++++++++++++----
1 file changed, 26 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/053cdd7b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 38fde8a..6de8a14 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -1410,6 +1410,11 @@ public class ServiceREST {
String serviceName = request.getParameter(PARAM_SERVICE_NAME);
String policyName = request.getParameter(PARAM_POLICY_NAME);
String updateIfExists = request.getParameter(PARAM_UPDATE_IF_EXISTS);
+
+ if (serviceName == null && policyName == null && updateIfExists != null && updateIfExists.equalsIgnoreCase("true")){
+ serviceName = (String) request.getAttribute(PARAM_SERVICE_NAME);
+ policyName = (String) request.getAttribute(PARAM_POLICY_NAME);
+ }
if(StringUtils.isNotEmpty(serviceName)) {
policy.setService(serviceName);
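Review bot: The attribute fallback added here runs only when both `serviceName` and `policyName` parameters are null, and the import path now calls `createPolicy(policy, request)` (the hunk at -2034) with the import request itself. An import call that carries either query parameter would therefore appear to apply it to every policy in the file through the `policy.setService(serviceName)` branch below, rather than using each policy's own service and name. Previously the import passed `null` and request parameters could not reach this code. Passing the two values as explicit arguments, or preferring the attributes whenever they are set, avoids using request attributes as a hidden channel between the two methods. The `(String)` casts assume nothing else sets attributes under these names. The enclosing method starts and ends outside the hunk.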
@@ -1430,7 +1435,8 @@ public class ServiceREST {
existingPolicy = getPolicyByName(policy.getService(), policy.getName());
}
- if(existingPolicy != null) {
+ if (existingPolicy != null) {
+ policy.setId(existingPolicy.getId());
ret = updatePolicy(policy);
}
} catch(Exception excp) {
@@ -2010,7 +2016,13 @@ public class ServiceREST {
}
}
}
- if (isOverride){
+ String updateIfExists = request.getParameter(PARAM_UPDATE_IF_EXISTS);
+ if (updateIfExists == null || updateIfExists.isEmpty()) {
+ updateIfExists = "false";
+ } else if (updateIfExists.equalsIgnoreCase("true")) {
+ isOverride = false;
+ }
+ if (isOverride && updateIfExists.equalsIgnoreCase("false")){
if (LOG.isDebugEnabled()) {
LOG.debug("Deleting Policy from provided services in servicesMapJson file...");
}
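Review bot: `updateIfExists` is normalised to `"false"` here when absent, so the `updateIfExists != null && !updateIfExists.isEmpty()` guards added around `createPolicy` in the next hunk can never be false and the request attributes are set on every import. A value that is neither `true` nor `false` (for example `yes`) leaves `isOverride` set but skips the delete, which is hard to reason about for a flag that decides whether existing policies are removed. Parse it once, `boolean updateIfExists = Boolean.parseBoolean(request.getParameter(PARAM_UPDATE_IF_EXISTS));`, then test `if (isOverride && !updateIfExists)` and make the later guards `if (updateIfExists)`. Add a comment that updateIfExists takes precedence over isOverride when both are supplied. Whether `request` can be null at this point is not visible in the hunk.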
@@ -2034,20 +2046,28 @@ public class ServiceREST {
for (String service : serviceNameList) {
if (StringUtils.isNotEmpty(service.trim()) && StringUtils.isNotEmpty(policy.getService().trim())){
if (policy.getService().trim().equalsIgnoreCase(service.trim())) {
- createPolicy(policy, null);
+ if (updateIfExists != null && !updateIfExists.isEmpty()){
+ request.setAttribute(PARAM_SERVICE_NAME, policy.getService());
+ request.setAttribute(PARAM_POLICY_NAME, policy.getName());
+ }
+ createPolicy(policy, request);
totalPolicyCreate = totalPolicyCreate + 1;
if (LOG.isDebugEnabled()) {
LOG.debug("Policy " + policy.getName() + " created successfully.");
}
break;
}
- }else{
+ } else {
LOG.error("Service Name or Policy Name is not provided!!");
throw restErrorUtil.createRESTException("Service Name or Policy Name is not provided!!");
}
}
- }else{
- createPolicy(policy, null);
+ } else {
+ if (updateIfExists != null && !updateIfExists.isEmpty()){
+ request.setAttribute(PARAM_SERVICE_NAME, policy.getService());
+ request.setAttribute(PARAM_POLICY_NAME, policy.getName());
+ }
+ createPolicy(policy, request);
totalPolicyCreate = totalPolicyCreate + 1;
if (LOG.isDebugEnabled()) {
LOG.debug("Policy " + policy.getName() + " created successfully.");